author | Sumit Bose <sbose@redhat.com> | 2009-08-24 15:17:37 +0200 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2009-08-24 11:03:22 -0400 |
commit | ce0111fe4f1c5ea09a23c2be43fc1fcc1cdbdac8 (patch) | |
tree | dcea6a6071220dda84ee0e6abc6479780c9ce41d /server/providers/ldap | |
parent | 7bc48f82f587b148b821e34f57c1414e82a18276 (diff) | |
some UPN handling fixes
- making the realm part upper case is now optional and done in the
LDAP backend
- using a username@realm UPN is now optional
Diffstat (limited to 'server/providers/ldap')
-rw-r--r-- | server/providers/ldap/sdap.c | 8 | ||||
-rw-r--r-- | server/providers/ldap/sdap.h | 4 | ||||
-rw-r--r-- | server/providers/ldap/sdap_async.c | 30 |
3 files changed, 37 insertions, 5 deletions
diff --git a/server/providers/ldap/sdap.c b/server/providers/ldap/sdap.c index 0b16db43..312a3674 100644 --- a/server/providers/ldap/sdap.c +++ b/server/providers/ldap/sdap.c @@ -40,7 +40,8 @@ struct sdap_gen_opts default_basic_opts[] = { { "groupSearchScope", "sub", NULL }, { "groupSearchFilter", NULL, NULL }, { "ldapSchema", "rfc2307", NULL }, - { "offline_timeout", "5", NULL } + { "offline_timeout", "5", NULL }, + { "force_upper_case_realm", "0", NULL } }; struct sdap_id_map default_user_map[] = { @@ -137,6 +138,11 @@ int sdap_get_options(TALLOC_CTX *memctx, &opts->offline_timeout); if (ret != EOK) goto done; + ret = confdb_get_bool(cdb, opts, conf_path, + "force_upper_case_realm", false, + &opts->force_upper_case_realm); + if (ret != EOK) goto done; + /* schema type */ if (strcasecmp(opts->basic[SDAP_SCHEMA].value, "rfc2307") == 0) { opts->schema_type = SDAP_SCHEMA_RFC2307; diff --git a/server/providers/ldap/sdap.h b/server/providers/ldap/sdap.h index 5afbcfc0..50fc3d10 100644 --- a/server/providers/ldap/sdap.h +++ b/server/providers/ldap/sdap.h @@ -84,8 +84,9 @@ enum sdap_result { #define SDAP_GROUP_SEARCH_FILTER 12 #define SDAP_SCHEMA 13 #define SDAP_OFFLINE_TIMEOUT 14 +#define SDAP_FORCE_UPPER_CASE_REALM 15 -#define SDAP_OPTS_BASIC 15 /* opts counter */ +#define SDAP_OPTS_BASIC 16 /* opts counter */ /* the objectclass must be the first attribute. * Functions depend on this */ @@ -139,6 +140,7 @@ struct sdap_options { int network_timeout; int opt_timeout; int offline_timeout; + bool force_upper_case_realm; /* supported schema types */ enum schema_type { diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c index 7c6cd2c2..85559178 100644 --- a/server/providers/ldap/sdap_async.c +++ b/server/providers/ldap/sdap_async.c 
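Review bot: `SDAP_OPTS_BASIC` in the first sdap.h hunk is a hand-maintained count that has to equal the number of entries in `default_basic_opts[]` in sdap.c, and nothing in the visible hunks enforces that. The code that walks the table is not shown here, but if it iterates up to `SDAP_OPTS_BASIC`, a later option added in one file and not the other would index past the end of the array. A compile-time check next to the table would catch the mismatch, for example `typedef char sdap_basic_opts_count_check[(sizeof(default_basic_opts) / sizeof(default_basic_opts[0]) == SDAP_OPTS_BASIC) ? 1 : -1];`.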
@@ -18,11 +18,31 @@ You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <ctype.h> #include "db/sysdb.h" #include "providers/ldap/sdap_async.h" #include "util/util.h" +#define REALM_SEPARATOR '@' + +static void make_realm_upper_case(const char *upn) +{ + char *c; + + c = strchr(upn, REALM_SEPARATOR); + if (c == NULL) { + DEBUG(9, ("No realm delimiter found in upn [%s].\n", upn)); + return; + } + + while(*(++c) != '\0') { + c[0] = toupper(*c); + } + + return; +} + /* ==LDAP-Memory-Handling================================================= */ static int lmsg_destructor(void *mem) @@ -841,6 +861,7 @@ static struct tevent_req *sdap_save_user_send(TALLOC_CTX *memctx, uid_t uid; gid_t gid; struct sysdb_attrs *user_attrs; + char *upn = NULL; req = tevent_req_create(memctx, &state, struct sdap_save_user_state); if (!req) return NULL; @@ -952,10 +973,13 @@ static struct tevent_req *sdap_save_user_send(TALLOC_CTX *memctx, if (el->num_values == 0) { DEBUG(7, ("User principle is not available for user [%s].\n", name)); } else { + upn = talloc_strdup(user_attrs, (const char*) el->values[0].data); + if (opts->force_upper_case_realm) { + make_realm_upper_case(upn); + } DEBUG(7, ("Adding user principle [%s] to attributes of user [%s].\n", - el->values[0].data, name)); - ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, - (const char *) el->values[0].data); + upn, name)); + ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, upn); if (ret) { goto fail; } |
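Review bot: make_realm_upper_case() in the first sdap_async.c hunk declares its argument as `const char *upn` but writes through the pointer returned by strchr(), so the signature hides that the buffer is modified in place; it should take `char *upn`. The call `toupper(*c)` passes a plain char, which is undefined behaviour for negative values where char is signed, and the UPN appears to come from the LDAP entry, so bytes above 0x7f cannot be ruled out; write `*c = toupper((unsigned char) *c);` instead. toupper() also follows the process locale, so the resulting realm can differ between locales; a short comment stating that realms are expected to be ASCII, or an ASCII-only conversion, would make the intent explicit.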
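Review bot: The result of `talloc_strdup()` in the last sdap_async.c hunk (inside sdap_save_user_send) is used without a NULL check, so on allocation failure make_realm_upper_case() hands NULL to strchr() and the DEBUG call formats a NULL `%s`. Add `if (upn == NULL) { ret = ENOMEM; goto fail; }` directly after the strdup; the `fail` label is already used a few lines below. The copy also relies on `el->values[0].data` being NUL-terminated, as the previous code did, which cannot be verified from this hunk. The function body starts and ends outside the hunk.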